Question 1

A multinational corporation has conducted a risk assessment of its data processing activities across different regions. The risk manager needs to record and report these findings. What is the most effective way to present this information to ensure it is useful for both local and global decision-making?

Options :

A : Separate reports for each region with an additional consolidated global report.

B : Oral presentations to each regional team without written documentation.

C : A single, global report summarizing all risks without regional specifics.

D : An extensive document detailing every risk identified, regardless of relevance.

Answer: A

Question 2

An online retail company is using the OCTAVE-S method to assess risks to its e-commerce platform. The team has identified critical assets and is in the second phase of OCTAVE-S. What is the next step, and why is it important for the risk assessment of the e-commerce platform?

Options :

A : Implementing general security policies without further analysis.

B : Focusing only on compliance with e-commerce regulations.

C : Identifying threats to the critical assets and evaluating the likelihood and impact of these threats.

D : Purchasing cybersecurity insurance for all identified risks.

Answer: C

Question 3

A university is assessing risks associated with its academic and administrative operations. Why is it important for the risk manager to understand these operations?

Options :

A : It is sufficient for the risk manager to focus only on external risks, such as market competition.

B : So the risk manager can assume the responsibilities of academic and administrative staff.

C : Understanding these operations is necessary to identify risks impacting academic integrity, data privacy, and operational efficiency.

D : The risk manager should only be concerned with risks in the university-s IT infrastructure.

Answer: C

Question 4

An IT service provider is monitoring and reviewing its risk management process. What is the primary objective of this stage according to ISO/IEC 27005?

Options :

A : Focusing exclusively on external audits without internal evaluations.

B : Completely discontinuing the risk management process after initial implementation.

C : Assuming that the implemented risk controls will remain effective indefinitely without further review.

D : Regularly assessing the effectiveness of the risk management process and making improvements as necessary.

Answer: D

Question 5

A financial institution has developed a risk treatment plan to address the risk of online fraud. The plan includes implementing multi-factor authentication and real-time fraud detection systems. Before proceeding, what factor is crucial for evaluating the acceptability of the risk treatment plan as per ISO/IEC 27005?

Options :

A : The level of residual risk after implementing the controls.

B : The technical feasibility of implementing the proposed controls.

C : The impact of the controls on user experience and customer satisfaction.

D : The compatibility of new controls with existing systems.

Answer: A

Higher Test Marks with Free Online ISO-27005-LRM Exam Practice

Buying Options: